
19611 matches found

OSSF Malicious Packages
added 2025/05/01 1:20 p.m. · 4 views

Malicious code in lezer-snowsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79d686dc87e1e046c8091bd313f15cba6ccc513fa0effa19a8798c4d23e066c5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0 · References: 3
Cvelist
added 2025/05/01 12:0 a.m. · 9 views

CVE-2025-44835

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell...

EPSS: 0.0105
Exploits: 1 · References: 1
Cvelist
added 2025/05/01 12:0 a.m. · 10 views

CVE-2025-44861

TOTOLINK CA300-POE V6.2c.884B20180522 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

EPSS: 0.00884
Exploits: 1 · References: 1
CNNVD
added 2025/05/01 12:0 a.m. · 3 views

KUNBUS Revolution Pi OS Bookworm Security Vulnerability

KUNBUS Revolution Pi OS Bookworm is an industrial-grade real-time operating system based on Debian Bookworm from KUNBUS. A security vulnerability exists in KUNBUS Revolution Pi OS Bookworm 01/2025 that stems from the Node-RED server not being configured for authentication by default, which could...

CVSS: 10 · AI score: 9.4 · EPSS: 0.00713
Exploits: 0 · References: 2
Cvelist
added 2025/05/01 12:0 a.m. · 10 views

CVE-2025-44838

TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

EPSS: 0.00884
Exploits: 1 · References: 1
CVE
added 2025/05/01 12:0 a.m. · 64 views

CVE-2025-44865

CVE-2025-44865 affects Tenda W20E, specifically version 15.11.0.6, with a flaw in the formSetDebugCfg function via the enable parameter that permits command injection. The vulnerability could allow an attacker to execute arbitrary commands through a crafted request. Publicly documented details co...

CVSS: 6.3 · AI score: 8.3 · EPSS: 0.01105
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2025/05/01 12:0 a.m. · 7 views

CVE-2025-44835

D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in iptablesWebsFilterRun, which allows remote attackers to execute arbitrary commands via shell...

AI score: 8.8 · EPSS: 0.0105
Exploits: 1 · References: 1
CVE
added 2025/05/01 12:0 a.m. · 74 views

CVE-2025-44835

D-Link DIR-816 A2V1.1.0B05 is affected by a command injection in the iptablesWebsFilterRun function, enabling remote attackers to execute arbitrary shell commands. This vulnerability has been described across multiple sources (including Red Hat/CVE data and PT Security advisories) with a consiste...

CVSS: 6.3 · AI score: 8.2 · EPSS: 0.0105
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2025/04/30 6:15 p.m. · 4 views

CVE-2025-4135

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function uigetinputvalue. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure...

CVSS: 5.3 · AI score: 5.6 · EPSS: 0.02283
Exploits: 0 · References: 5
OSV
added 2025/04/30 3:16 p.m. · 5 views

CVE-2025-4122

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure bu...

CVSS: 8.8 · AI score: 5.6 · EPSS: 0.03145
Exploits: 0 · References: 5
CNVD
added 2025/04/30 12:0 a.m. · 1 views

PyTorch Remote Command Execution Vulnerability

PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a remote command execution vulnerability that can be exploited by an attacker to execute arbitrary commands on a system...

CVSS: 9.8 · AI score: 8 · EPSS: 0.01878
Exploits: 0 · References: 1
Positive Technologies
added 2025/04/30 12:0 a.m. · 3 views

PT-2025-18920 · Red Hat · Red Hat

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns a remote command execution in Red Hat Linux. However, Red Hat Product Security has concluded that this CVE is not needed, indicating a severity of 0.0 and NA...

AI score: 6.7
Exploits: 0 · References: 2
BDU FSTEC
added 2025/04/30 12:0 a.m. · 6 views

The vulnerability of the zyUtilMailSend function in Wi-Fi amplifiers, subscriber terminals, DSL/Ethernet CPE routers allows an attacker to execute arbitrary commands.

The vulnerability of the zyUtilMailSend function in Wi-Fi amplifiers, subscriber terminals, DSL/Ethernet CPE routers exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS: 9 · AI score: 5.9 · EPSS: 0.01052
Exploits: 0 · References: 2
BDU FSTEC
added 2025/04/30 12:0 a.m. · 4 views

The vulnerability of the setScheduleCfg function in the firmware for TOTOLINK X5000R allows an attacker to execute arbitrary commands.

The vulnerability of the setScheduleCfg function in TOTOLINK X5000R router firmware exists due to the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by processing the recHour parameter...

CVSS: 9 · AI score: 8.4 · EPSS: 0.01193
Exploits: 1 · References: 2 · Affected Software: 1
BDU FSTEC
added 2025/04/30 12:0 a.m. · 5 views

The vulnerability of the setScheduleCfg function in the firmware for TOTOLINK X5000R allows an attacker to execute arbitrary commands.

The vulnerability of the setScheduleCfg function in TOTOLINK X5000R router firmware exists due to the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by manipulating the switch parameter...

CVSS: 9 · AI score: 8.4 · EPSS: 0.01573
Exploits: 1 · References: 2 · Affected Software: 1
BDU FSTEC
added 2025/04/30 12:0 a.m. · 5 views

The vulnerability of the setScheduleCfg function in the firmware for TOTOLINK X5000R allows an attacker to execute arbitrary commands.

The vulnerability of the setScheduleCfg function in TOTOLINK X5000R router firmware exists due to the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by manipulating the week parameter...

CVSS: 9 · AI score: 8.4 · EPSS: 0.01573
Exploits: 1 · References: 2 · Affected Software: 1
BDU FSTEC
added 2025/04/30 12:0 a.m. · 6 views

The vulnerability of the setScheduleCfg function in the firmware for TOTOLINK X5000R allows an attacker to execute arbitrary commands.

The vulnerability of the setScheduleCfg function in TOTOLINK X5000R router firmware exists due to the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by manipulating the hour parameter...

CVSS: 9 · AI score: 8.4 · EPSS: 0.01573
Exploits: 1 · References: 2 · Affected Software: 1
BDU FSTEC
added 2025/04/30 12:0 a.m. · 6 views

The vulnerability of ZyEE software in Wi-Fi amplifiers, subscriber terminals, DSL/Ethernet CPE routers allows an attacker to execute arbitrary commands.

The vulnerability of ZyEE software for Wi-Fi amplifiers, subscriber terminals, DSL/Ethernet CPE routers exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS: 9 · AI score: 5.9 · EPSS: 0.01128
Exploits: 0 · References: 2
GithubExploit
added 2025/04/29 7:2 p.m. · 244 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp

CVE-2025-32433Erlang-OTP This script is a custom security too...

CVSS: 10 · AI score: 8.7 · EPSS: 0.97673
Exploits: 36
GithubExploit
added 2025/04/28 3:20 p.m. · 475 views

Exploit for Path Traversal in Zoneminder

CVE-2022-29806 ZoneMinder up to 1.36.12 Language privilege esc...

CVSS: 9.8 · AI score: 10 · EPSS: 0.66317
Exploits: 6